package io.dbw.common.xss;


import org.apache.commons.lang3.StringUtils;

import java.util.HashSet;
import java.util.Set;

public class XssUtil {

	public static String cleanXSS(String valueP) {
		if(StringUtils.isBlank(valueP)) {
			return valueP;
		}
        String value = valueP.replaceAll("<", "&lt;").replaceAll(">", "&gt;");
        value = value.replaceAll("<", "& lt;").replaceAll(">", "& gt;");
//        value = value.replaceAll("\\(", "& #40;").replaceAll("\\)", "& #41;");
        value = value.replaceAll("'", "& #39;");
        value = value.replaceAll("eval", "#40");
//        value = value.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']", "\"\"");
        value = value.replaceAll("script", "#41");
        value = value.replaceAll("alert", "#42");
//        value = value.replaceAll("and", "#43");
        value = value.replaceAll("insert", "#44");
        value = value.replaceAll("delete", "#45");
        value = value.replaceAll("update", "#46");
        value = value.replaceAll("truncate", "#47");
        value = value.replaceAll("declare", "#48");
        value = value.replaceAll("javascript", "#49");
//        value = cleanSqlKeyWords(value);
        return value;
    }

    public static String unescapeHtml4(String valueP){
        if(StringUtils.isBlank(valueP)) {
            return valueP;
        }
        String value = valueP.replaceAll("&lt;", "<").replaceAll("&gt;",">" );
        value = value.replaceAll("& lt;","<").replaceAll("& gt;",">");
//        value = value.replaceAll("\\(", "& #40;").replaceAll("\\)", "& #41;");
        value = value.replaceAll("& #39;","'" );
        value = value.replaceAll("#40", "eval");
//        value = value.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']", "\"\"");
        value = value.replaceAll( "#41","script");
        value = value.replaceAll( "#42","alert");
//        value = value.replaceAll( "#43","and");
        value = value.replaceAll( "#44","insert");
        value = value.replaceAll( "#45","delete");
        value = value.replaceAll( "#46","update");
        value = value.replaceAll( "#47","truncate");
        value = value.replaceAll( "#48","declare");
        value = value.replaceAll( "#49","javascript");
        return value;
    }

    private static String key = "and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|;|or|-|+";
    private static Set<String> notAllowedKeyWords = new HashSet<String>(0);
    private static String replacedString="INVALID";
    static {
        String keyStr[] = key.split("\\|");
        for (String str : keyStr) {
            notAllowedKeyWords.add(str);
        }
    }
    public static String cleanSqlKeyWords(String value) {
        String paramValue = value;
        for (String keyword : notAllowedKeyWords) {
            if (paramValue.length() > keyword.length() + 4
                    && (paramValue.contains(" "+keyword)||paramValue.contains(keyword+" ")||paramValue.contains(" "+keyword+" "))) {
                paramValue = StringUtils.replace(paramValue, keyword, replacedString);
            }
        }
        return paramValue;
    }
}
